---
# Debian, ubuntu - venv
# RHEL family - non-venv
{% if base_distro in ["debian", "ubuntu"] %}
virtualenv: "{{ kolla_runtime_venv_path }}"
{% endif %}

kolla_base_distro: "{{ base_distro }}"
network_interface: "{{ api_interface_name }}"
network_address_family: "{{ address_family }}"
kolla_container_engine: "{{ container_engine }}"
docker_restart_policy: "no"

docker_apt_url: "http://{{ zuul_site_mirror_fqdn }}:8080/docker/{{ ansible_facts.distribution | lower }}"
docker_yum_url: "http://{{ zuul_site_mirror_fqdn }}:8080/docker/centos"

{% if container_engine == 'podman' %}
podman_debug: true
podman_registry_mirrors:
  - {{ infra_dockerhub_mirror }}
{% if need_build_image and is_previous_release %}
podman_registry: "primary:4000"
podman_registry_insecure: true
{% endif %}
{% else %}
docker_debug: true
docker_apt_package_pin: "5:28.*"
docker_yum_package_pin: "28.*"
docker_registry_mirrors:
  - {{ infra_dockerhub_mirror }}

# NOTE(bbezak): In Kolla CI K-A upgrade job needs following override
# as docker_registry var is being used both for docker daemon config
# - for kolla images build, and kolla-ansible container images sources.
# docker_custom_config gets precedence in docker daemon configuration.
{% if need_build_image and is_previous_release %}
docker_custom_config:
  insecure-registries:
    - primary:4000
{% endif %}
{% endif %}

# MariaDB/Galera - fine tune timeouts
mariadb_wsrep_extra_provider_options:
  - "gmcast.peer_timeout=PT15S"
  - "evs.suspect_timeout=PT10S"
  - "evs.inactive_timeout=PT30S"
  - "evs.keepalive_period=PT3S"

mariadb_monitor_connect_interval: "60000"
mariadb_monitor_connect_timeout: "180000"
mariadb_monitor_ping_interval: "60000"
mariadb_monitor_ping_max_failures: "10"
mariadb_monitor_ping_timeout: "10000"

nova_compute_virt_type: "{{ virt_type }}"

neutron_agents_wrappers: "yes"

enable_openstack_core: "{{ openstack_core_enabled }}"
enable_horizon: "{{ dashboard_enabled }}"
enable_heat: "{{ openstack_core_tested }}"

{% if scenario != 'bifrost' %}
kolla_internal_vip_address: "{{ kolla_internal_vip_address }}"
neutron_external_interface: "{{ neutron_external_interface_name }}"
openstack_logging_debug: "True"
nova_libvirt_logging_debug: "False"
openstack_service_workers: "1"
openstack_service_rpc_workers: "1"
{% endif %}

{% if need_build_image and not is_previous_release %}
# NOTE(Jeffrey4l): use different a docker namespace name in case it pull image from hub.docker.io when deploying
docker_namespace: "lokolla"
# NOTE(yoctozepto): use hostname or FQDN to be compatible between IPv4 and IPv6
# docker does not support referencing registry via an IPv6 address
# see: https://github.com/moby/moby/issues/39033
docker_registry: "primary:4000"
docker_registry_insecure: yes
{% if container_engine == 'podman' %}
podman_registry: "primary:4000"
podman_registry_insecure: yes
{% endif %}
openstack_tag: "{{ build_image_tag }}"
{% else %}
docker_namespace: openstack.kolla
{% if docker_image_tag_suffix %}
openstack_tag_suffix: "{{ docker_image_tag_suffix }}"
{% endif %}
{% endif %}

{% if scenario == "zun" %}
enable_zun: "yes"
enable_kuryr: "yes"
enable_etcd: "yes"
etcd_remove_deleted_members: "yes"
docker_configure_for_zun: "yes"
containerd_configure_for_zun: "yes"
enable_cinder: "yes"
cinder_cluster_skip_precheck: "yes"
# lvm backup driver for cinder-backup does not exist
enable_cinder_backup: "no"
enable_cinder_backend_lvm: "yes"
{% endif %}

{% if scenario == "ipv6" %}
enable_prometheus: "yes"
enable_prometheus_openstack_exporter: "no"
{% endif %}

{% if scenario == "nfv" %}
enable_tacker: "yes"
enable_neutron_sfc: "yes"
enable_mistral: "yes"
enable_valkey: "yes"
enable_barbican: "yes"
enable_heat: "yes"
# NOTE(yoctozepto): see https://bugs.launchpad.net/kolla-ansible/+bug/1906299
enable_aodh: "yes"
# TODO(gkoper): Remove after G/2026.1 release
{% if is_previous_release %}
enable_redis: "yes"
{% endif %}
{% endif %}

{% if scenario == "ironic" %}
enable_ironic: "yes"
enable_ironic_pxe_filter: "yes"
enable_prometheus: "yes"
enable_prometheus_openstack_exporter: "no"
ironic_dnsmasq_dhcp_ranges:
  - range: "10.42.0.2,10.42.0.254,255.255.255.0"
{% endif %}

{% if scenario == "masakari" %}
enable_masakari: "yes"
enable_valkey: "yes"
{% endif %}

{% if scenario == "cells" %}
enable_cells: "yes"
enable_proxysql: "yes"
enable_prometheus_proxysql_exporter: "yes"
{% endif %}

{% if scenario == "mariadb" %}
enable_fluentd: "yes"
enable_mariadb: "yes"
enable_memcached: "no"
enable_rabbitmq: "no"
enable_mariabackup: "yes"
{% endif %}

{% if scenario == "cephadm" %}
# kolla-ansible vars
enable_cinder: "yes"
enable_neutron_agent_ha: "yes"
enable_valkey: "yes"
cinder_cluster_name: "kolla_ceph"
# External Ceph
glance_backend_ceph: "yes"
cinder_backend_ceph: "yes"
nova_backend_ceph: "yes"
# RabbitMQ tuning
rabbitmq_cluster_partition_handling: "autoheal"
rabbitmq_extra_config:
  cluster_keepalive_interval: 50000
# TODO(gkoper): Remove after G/2026.1 release
{% if is_previous_release %}
enable_redis: "yes"
{% endif %}

enable_ceph_rgw: "yes"
ceph_rgw_hosts:
{% for host in hostvars | reject('equalto', 'localhost') %}
  - host: {{ host }}
    ip: {{ hostvars[host]['ansible_host'] }}
    port: 6780
{% endfor %}
{% endif %}

{% if tls_enabled %}
kolla_enable_tls_external: "yes"
kolla_enable_tls_internal: "yes"
kolla_copy_ca_into_containers: "yes"
kolla_enable_tls_backend: "yes"
{% if base_distro in ["debian", "ubuntu"] %}
openstack_cacert: "/etc/ssl/certs/ca-certificates.crt"
{% endif %}
{% if base_distro in ["centos", "rocky"] %}
openstack_cacert: "/etc/pki/tls/certs/ca-bundle.crt"
{% endif %}
kolla_admin_openrc_cacert: "{% raw %}{{ kolla_certificates_dir }}{% endraw %}/ca/root.crt"
rabbitmq_enable_tls: "yes"
libvirt_tls: "yes"
{% endif %}

{% if scenario == "ovn" %}
neutron_plugin_agent: "ovn"
neutron_ovn_distributed_fip: "yes"
neutron_enable_ovn_agent: "yes"
enable_octavia: "yes"
octavia_provider_drivers: "ovn:OVN provider"
octavia_provider_agents: "ovn"
neutron_dns_domain: "example.org."
# TODO(gkoper): Remove after G/2026.1 release
{% if is_previous_release %}
enable_redis: "yes"
{% endif %}
{% endif %}

{% if scenario == "prometheus-opensearch" %}
enable_central_logging: "yes"
enable_grafana: "yes"
enable_prometheus: "yes"
enable_prometheus_openstack_exporter: "no"
{% endif %}

{% if scenario == "magnum" %}
enable_designate: "yes"
designate_ns_record:
  - "ns.example.org"
enable_magnum: "yes"
enable_trove: "yes"
neutron_dns_domain: "example.org."
{% endif %}

{% if scenario == "octavia" %}
neutron_dns_integration: "yes"
neutron_dns_domain: "example.org."
enable_octavia: "yes"
# NOTE(wuchunyang): work around for qemu-kvm 5.1 can not attach second NIC.
# more: http://lists.openstack.org/pipermail/openstack-discuss/2021-February/020218.html
octavia_amp_flavor:
  name: "amphora"
  is_public: no
  vcpus: 2
  ram: 1024
  disk: 5
octavia_network_type: "tenant"
enable_valkey: "yes"
# TODO(gkoper): Remove after G/2026.1 release
{% if is_previous_release %}
enable_redis: "yes"
{% endif %}
{% endif %}

{% if groups['all'] | length == 1 %}
keepalived_track_script_enabled: "no"
{% endif %}

neutron_modules_extra:
  - name: 'nf_conntrack_tftp'
  - name: 'nf_nat_tftp'

{% if scenario == "haproxy" %}
kolla_external_vip_address: "{{ kolla_external_vip_address }}"
haproxy_single_external_frontend: "yes"
glance_external_fqdn: "glance.external"
horizon_external_fqdn: "horizon.external"
keystone_external_fqdn: "keystone.external"
neutron_external_fqdn: "neutron.external"
nova_external_fqdn: "nova.external"
nova_novncproxy_fqdn: "novncproxy.external"
placement_external_fqdn: "placement.external"
{% endif %}

{% if scenario == "lets-encrypt" %}
enable_horizon: "yes"
enable_letsencrypt: "yes"
letsencrypt_email: "usero@openstack.test"
letsencrypt_internal_cert_server: "https://pebble:14000/dir"
kolla_internal_fqdn: "{{ kolla_internal_fqdn }}"
kolla_admin_openrc_cacert: "{% raw %}{{ kolla_certificates_dir }}{% endraw %}/ca/pebble.crt"
database_enable_tls_internal: "yes"
database_enable_tls_backend: "yes"
{% endif %}

{% if scenario == "skyline" %}
enable_skyline: "yes"
{% endif %}

{% if scenario == "skyline-sso" %}
enable_skyline: "yes"
skyline_enable_sso: "yes"
{% endif %}

{% if scenario == "telemetry" %}
enable_aodh: "yes"
enable_ceilometer: "yes"
enable_gnocchi: "yes"
enable_valkey: "yes"
{% endif %}

{% if scenario == "federation" %}
enable_keystone_federation: true
{% endif %}

mariadb_monitor_read_only_interval: "30000"
mariadb_monitor_galera_healthcheck_timeout: "30000"
